All posts by Jeff Barkley

The Washington Post reported that Washington DC City officials were hit by ransomware that, between Jan. 12 and Jan. 15, left the police cameras unable to record events. The cyberattack affected 123 of 187 cameras network video recorders deployed in a closed circuit TV system for public spaces across the city, the officials said late Friday in disclosing the event.

We encourage all of Tyco Security Products customers to take cybersecurity seriously and highly recommend implementing validated backup and restoration processes. Ensuring that our products have comprehensive capabilities required for a resilient operation is one part of our Six Part Approach to Cyber Protection of Physical Security Products. Read about it and other cybersecurity best practices on our Cyber Protection webpage and sign up to receive cybersecurity advisories.

A new report from the Ponemon Institute, IBM, and Arxan claims that just 20% of IoT apps are actually tested for vulnerabilities. In addition 46% were sure their organization experienced a breach due to an insecure IoT app. We encourage all of Tyco Security Products customers to take cyber-security seriously. That is why we have developed a Six Part Approach to Cyber Protection of Physical Security Products which includes on-going rigorous testing. Read about it and other cyber-security best practices on our Cyber Protection webpage and sign up to receive cyber-security advisories.

Cyber security breaches aren’t limited to high profile incidents such as credit card information theft from retail companies or personal information theft from government organizations. As recently reported by Reuters, ThyssenKrupp AG (TKAG.DE) was subject to various cyber attacks in their steel production and manufacturing plant design divisions earlier this year, resulting in loss of technical trade secrets and project data (http://www.reuters.com/article/us-thyssenkrupp-cyber-idUSKBN13X0VW) .

It’s common knowledge that encrypted communication and other device hardening features are necessary for cybersecurity, but it’s vitally important to think beyond hardening. Now that the security industry has adopted IP technology, manufacturers and integrators must consider not only the security operator’s needs, but also those of the IT manager.

An unsecured device can be the target of a cyber attack that might affect the entire network. While IT managers in government agencies, utilities, transportation, retail operations and financial enterprises are most acutely aware of the dire consequences of a successful hack, IT managers in all sectors are demanding security measures that go well beyond hardening before accepting devices onto their networks.

Here are four features that Tyco Security Products offers to achieve network acceptance for our Software House C•CURE 9000 Access Control Systems and American Dynamics victor Unified Video Management Systems that incorporate iSTAR controllers:

While hardening is important, it does not guarantee that the device you install today will be secure tomorrow. Potential problems can lie dormant for years and then provide easy access for hackers when uncovered. For example, Shellshock was actually introduced as a product feature in 1989. Its vulnerability existed undetected in numerous products — including “hardened” versions of Linux and Unix operating systems — for 25 years. But within a single day of the vulnerability announcement in 2014, hackers reportedly were taking advantage of this critical bug.

At Tyco Security Products, we understand that a vulnerability discovered in one of our security products could potentially put your entire business at risk. That’s why we’ve put a team and process in place designed to deliver a fast, actionable response to help protect your investments from harm.

Our Cyber Protection Team continuously monitors for vulnerabilities using multiple resources. When a new bug is discovered, the Cyber Protection Team and key product engineers work quickly to tackle and resolve security concerns before they become critical to your operation.

This dedicated response enables us to create a security advisory, typically within 24 hours. The notification includes information about which products are vulnerable along with mitigation steps. It also lists products that we have confirmed are not vulnerable for greater peace of mind.

In the case of significant vulnerabilities, advisories are updated as needed until the issues are resolved. Quality engineers ensure that software patches are fully tested and validated. While we cannot predict how long it will take to resolve an issue, it took the team just two weeks to deliver patches for ShellShock and Heartbleed, both critical vulnerabilities.